Is it a bug at $this->input->post function ?

mihu

Posted: 24 July 2008 12:44 PM

[ Ignore ]

Grad Student

Total Posts: 37

Joined 03-15-2007

hmm ... I am not sure this is a bug or not. Let me try to explain what happened here.

http://codeigniter.com/user_guide/libraries/input.html


$this->input->post('some_data', TRUE);

I was trying to run through XSS filter by setting 2nd parameter to “true”.

Somehow the XSS filter convert or encoded my string to other encoded characters which trigger a sql error due to using diff. encoded in the same string.

If you enter “�” at input text field and submit, you will get the other encoded character.
like http://en.wikipedia.org/wiki/Ê

Please let me know if you need other information. :D

Signature

TtTsai

Profile

‹‹ Quotes in mime type when uploading double last record when using foreach($query->result() as $item) ››

Username		Remember Me?
Password		forgot password?

Post Marker Legend
	New posts	Hot Topic with new posts	New Poll	Moved Topic	Sticky topic
	No new posts	Hot Topic with no new posts	Old Poll	Closed Topic	Announcements

Visitor Statistics
The most visitors ever was 719, on June 06, 2008 10:16 AM
Total Registered Members:	61059	Total Logged-in Users:	18
Total Topics:	73867	Total Anonymous Users:	1
Total Replies:	398465	Total Guests:	343
Total Posts:	472332